Firewall event log filtering


#1

Today I noticed that CF had updated the firewall display, I was somewhat excited as I heard rumors that they will updating the filter. Didnt take long to realise that those rumors were… well just rumors

Does anyone else have an event log that looks like mine? Literally I can view up to 2 minutes of logs due to SEMRush bot. How can I possibly monitor that my new WAF has been set up properly and not blocking legit traffic? How can I see whether or not I get any value from having a pro membership?

How can a company that prides themselves as a security solution have a filtering system that is so basic that it is practically unusable??

This isn’t something new, my logs have looked like this for 3 weeks now. how hard is it to build in some basic search operators?


#2

Advanced analytics and filtering were just released for our Enterprise customers in the last couple of days. https://blog.cloudflare.com/new-firewall-tab-and-analytics/

Self service customer, or customers who want to consume the data in other ways can also use the API https://api.cloudflare.com/#firewall-events-properties and pull it into an existing tool or parse it with a script like https://github.com/cloudflare/wafanalyzer